Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in newsbeuter
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in newsbeuter
ID: USN-4585-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS
Datum: Fr, 16. Oktober 2020, 06:59
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12904
Applikationen: Newsbeuter

Originalnachricht


--===============4021757142281680729==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="orxlip4mw6a5biq7"
Content-Disposition: inline


--orxlip4mw6a5biq7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


==========================================================================
Ubuntu Security Notice USN-4585-1
October 15, 2020

newsbeuter vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Newsbeuter could be made to crash or run programs as your login if it
opened a malicious file.

Software Description:
- newsbeuter: open-source RSS/Atom feed reader for text terminals

Details:

It was discovered that Newsbeuter didn't handle the command line input
properly. An remote attacker could use it to ran remote code by crafting
a special input file. (CVE-2017-12904)

It was discovered that Newsbeuter didn't handle metacharacters in its
filename properly. An remote attacker could use it to ran remote code by
crafting a special filename. (CVE-2017-14500)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
newsbeuter 2.9-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4585-1
CVE-2017-12904, CVE-2017-14500

Package Information:
https://launchpad.net/ubuntu/+source/newsbeuter/2.9-3ubuntu0.1

--orxlip4mw6a5biq7
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAl+I0nEACgkQbUp5kL3i
zGb09Q//cYxK2IVBvZ4t8AQwLbFzMGKpy4PMpIiAJKwKYIKABEN5kxSAPN6ROKKj
NXNmIXSDlc4znfdLqE0E2QjmjmkE1XvpOU5nx6qJSQEPc3pxh1ifbiYmOadL87H9
tg/fei4sLM/IMAMuIvZ/FNtmcpZ3hfujvCnMn3h8Kkd9fwTOUMPfMU8N3HWt9p04
38pVvvliorHjHLlYkO/WCmlhZKkZsKu54YRja7thuOlD9aJG/EvXd0/Kpqnyvc85
INoB4sXnQy/gsMBtRxiGivx6WYKpm9tr5sKdtYIzDYVwCAvdZXnLHC8j1ej3e4si
B4QxCj5wYPNwOOTyybIQQu3tpmqThZEBvey9K9CzGnv65EpYH/4qL9gGUeY51s/r
GLq0GP87U7ujnmP28eVngzRUpi8pzwf1CzNNUZWEBq5+lpl7BKaSY9/cel4pF1/6
CCSRqgKy3ctzW/VfLjuXqaO/ltl/U+WboM5o4eHgxwgpWvEBXvPaqa4nKeJsbbM7
tZGUeKBP9kZkWgsqoeNFX5Z6hY2sa0kvSU/OVK28MY0to+D6Zema145M+X8EGTJU
Hsw2lrH3WfeJWfhsfMV7clZMhuDDbyl0iCTXFRtsg/em4vyHxQ72W7emBU2TdRzD
DM9/X+mZDIF+Ui4SU0wk1+Jskf684GhGtjES7oiiNczrVe0djl4=
=rTj+
-----END PGP SIGNATURE-----

--orxlip4mw6a5biq7--


--===============4021757142281680729==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung